CVE-2022-23442Incorrect Authorization in Fortinet Fortios

CWE-863Incorrect Authorization4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 52.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiosFortinet Fortios
Timeline
PublishedAug 3
Latest updateAug 4

Description

An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDfortinet/fortios6.2.06.2.11+2
CVEListV5fortinet/fortinet_fortiosFortiOS 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.11, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

🔴Vulnerability Details

2
GHSA
GHSA-8h27-9qvf-3872: An improper access control vulnerability [CWE-284] in FortiOS versions 62022-08-04
CVEList
CVE-2022-23442: An improper access control vulnerability [CWE-284] in FortiOS versions 62022-08-03

📋Vendor Advisories

1
Fortinet
Inter-VDOM information leaking2022-08-03
CVE-2022-23442 — Incorrect Authorization in Fortinet | cvebase